Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-49318

    Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-49322

    Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.2

    HIGH
    CVE-2024-9184

    The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to in... Read more

    Affected Products : free_web_push
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 10.0

    CRITICAL
    CVE-2024-49291

    Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.1

    CRITICAL
    CVE-2024-48920

    PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensi... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.1

    HIGH
    CVE-2024-48032

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Reflected XSS.This issue affects Featured Posts with Multiple Custom Groups ... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-49284

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-48038

    Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery.This issue affects wp-Monalisa: from n/a through 6.4.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.6

    HIGH
    CVE-2024-48043

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.7

    HIGH
    CVE-2024-49399

    The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-43609

    Microsoft Office Spoofing Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 8.4

    HIGH
    CVE-2024-43497

    DeepSpeed Remote Code Execution Vulnerability... Read more

    Affected Products : deepspeed
    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 6.6

    MEDIUM
    CVE-2024-43480

    Azure Service Fabric for Linux Remote Code Execution Vulnerability... Read more

    Affected Products : linux_kernel azure_service_fabric
    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    HIGH
    CVE-2024-48911

    OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unpri... Read more

    Affected Products : opencanary
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9687

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authentic... Read more

    Affected Products : wp_2fa_with_telegram
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-6757

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers,... Read more

    Affected Products : website_builder
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    HIGH
    CVE-2024-43501

    Windows Common Log File System Driver Elevation of Privilege Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-30117

    A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.... Read more

    Affected Products : bigfix_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 5.5

    MEDIUM
    CVE-2024-43500

    Windows Resilient File System (ReFS) Information Disclosure Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    HIGH
    CVE-2024-43502

    Windows Kernel Elevation of Privilege Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 291608 Results